Signet Fixes Data Issue at Kay, Jared

RAPAPORT... Signet Jewelers has repaired a configuration bug on the
order pages of subsidiaries Kay and Jared that accidentally exposed the personal
information of customers who purchased online.

A Jared customer contacted Signet last month after noting he
could see other buyers’ order information by slightly modifying the link in his
own confirmation email. The accessible data included names, billing addresses
and the last four digits of customers’ credit-card numbers.

The customer then contacted cybersecurity news website Krebs
on Security when there was no change in his ability to view others’ data. Signet
had, in fact, fixed the problem for all future orders, but it
hadn’t solved it for past and current orders, Krebs cited Scott Lancaster, Signet’s
chief information security officer, as saying. The jeweler later resolved the
data leak for all orders, Lancaster continued.

“In early November, a customer made us aware of a
configuration detail associated with the completed-order confirmation page for
our e-commerce websites for Kay, Jared and select North American regional banners,”
Signet told Rapaport News Tuesday. “The affected order-confirmation page
only included information such as name, billing and shipping address, phone
number, order details, and last four digits of the credit card used, but did
not include sensitive information such as full credit-card numbers, usernames
and passwords to accounts, or social-security numbers.”

Online sales have grown over the past year, culminating
in the largest US online shopping day of all time on Cyber Monday, which
grossed $7.9 billion. Organized retail crime is also climbing, with 92% of
companies surveyed by the National Retail Federation stating they had been a
victim within the past year. Retailers attributed that increase, in part, to
the ease of online fraud, the trade body said last month.

“We are a customer-first company, and when we fall short of
expectations, we own it,” Signet added. “While we immediately addressed and
fixed this configuration detail for all past, present and future orders, we are
continuing to work with multiple third‐party experts to confirm and enhance the
security of our e-commerce websites.”